{ "$schema": "http://cyclonedx.org/schema/bom-1.6.schema.json", "bomFormat": "CycloneDX", "specVersion": "1.6", "serialNumber": "urn:uuid:e5d0a460-7b24-5558-a1ae-2a185030fed4", "version": 1, "metadata": { "tools": [ { "name": "tuxcare-vex-generator", "version": "1.0.0" } ] }, "components": [ { "bom-ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1", "type": "library", "group": "org.apache.tomcat", "name": "tomcat-jsp-api", "version": "7.0.109-tuxcare.1", "purl": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ], "vulnerabilities": [ { "bom-ref": "urn:uuid:3298f84a-82b3-525a-93f3-dc947adf4a1b", "id": "CVE-2013-4590", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2013-4590 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:40f56478-b7f9-5a88-bb3b-b2fc9d991721", "id": "CVE-2015-5174", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5174 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6cf6e5f9-6e70-57cc-8eef-93b5d07ba488", "id": "CVE-2015-5346", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2015-5346 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:9016331f-6dfb-5a28-bf1c-6a812f49bb38", "id": "CVE-2016-0706", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0706 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:53a653d0-c4c5-557f-8282-663763b07856", "id": "CVE-2016-0762", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0762 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f604cea-ef9e-5121-b104-c84256a443fb", "id": "CVE-2016-0763", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-0763 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:16a64891-c01a-570c-8cc5-14a8691c2c5e", "id": "CVE-2016-5018", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-5018 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:6edc8fa1-5e3b-5092-b064-605582b6be0e", "id": "CVE-2016-6794", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6794 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d5313ebc-4cac-511e-a129-e68822a15cb4", "id": "CVE-2016-6796", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6796 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:8964f6b1-97ee-5a83-a796-f50c5d2c66c8", "id": "CVE-2016-6797", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6797 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c05afa5f-71ac-551f-bbd6-b1e73172bfa7", "id": "CVE-2016-6816", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6816 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d69fae61-08d3-5afe-854b-1f96d73ac3b8", "id": "CVE-2016-6817", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-6817 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:ce035920-0463-5724-9671-a4ccf3ecfcd5", "id": "CVE-2016-8745", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8745 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4de1d58a-8ac9-5bda-9a4e-022b712d3b35", "id": "CVE-2016-8747", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2016-8747 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e546bd0e-d76a-5362-9158-361d8fda38c7", "id": "CVE-2017-12617", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-12617 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c376b8c-be2d-5c5e-a8d6-bf7398c79bdf", "id": "CVE-2017-5647", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5647 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:81fd5318-4628-59d8-9db4-c331e1136889", "id": "CVE-2017-5648", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5648 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:a9da09fa-28f6-5c41-ba85-3d642489527c", "id": "CVE-2017-5650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4d785f85-fed6-56d7-836c-7d2a4470fb40", "id": "CVE-2017-5651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2a9ceba2-a484-57fa-bfb7-47a9c00494f2", "id": "CVE-2017-5664", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-5664 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:95a2b920-6a73-5563-864c-5c9880b0352e", "id": "CVE-2017-7674", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7674 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:2ff669dd-a072-5db2-838c-c01320b5e847", "id": "CVE-2017-7675", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2017-7675 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e9e250af-a367-5d94-a05d-1f9eaca44621", "id": "CVE-2018-1304", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1304 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e0ec4568-f82c-5aee-9b54-1a6f29e41f71", "id": "CVE-2018-1305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0c593e8c-1683-5eb5-a86b-7eff15cc70a7", "id": "CVE-2018-1336", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-1336 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e573e94d-edbb-569d-b59b-8abe8e6bcf28", "id": "CVE-2018-8014", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8014 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b54b02c5-bf02-5739-9fea-46fd8d2f9318", "id": "CVE-2018-8034", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2018-8034 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:89299181-5133-5752-89f9-5a2ab9355a6b", "id": "CVE-2019-12418", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2019-12418 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:4f208053-3079-597f-bb70-fd2f10978e73", "id": "CVE-2020-11996", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-11996 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7ca8a554-8220-56c1-8096-f4ff21530eb9", "id": "CVE-2020-13934", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13934 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:841a4f8d-870c-5906-9494-393c787e8bd2", "id": "CVE-2020-13943", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-13943 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b58f71ab-4e74-5a24-962b-b0108367789c", "id": "CVE-2020-9484", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2020-9484 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b09cd93a-f986-524b-97fd-d7bcb35b6822", "id": "CVE-2021-24122", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-24122 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e52581e8-4e65-5604-b5a2-20665b7b6d16", "id": "CVE-2021-30639", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-30639 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:01ebad04-a862-508e-be83-6bfb2cbf59cb", "id": "CVE-2021-42340", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2021-42340 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:5215195f-4fef-5613-96d3-4553d6dd6dcf", "id": "CVE-2022-23181", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-23181 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:150a50ae-87c6-5e40-bd59-700e135f3def", "id": "CVE-2022-34305", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-34305 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:42abdf03-5494-5a57-823c-1b7bb86e442b", "id": "CVE-2022-45143", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2022-45143 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:441c78d9-3691-5f49-be62-a655b8fb2c42", "id": "CVE-2024-24549", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-24549 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fdb80a0f-1d41-5b02-a7cd-f88d40cd52d4", "id": "CVE-2024-38286", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-38286 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:fcfa7a90-cb56-57d5-b64b-fc62a838bc15", "id": "CVE-2024-52316", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2024-52316 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:d4b2a78a-fd2b-57bf-ac43-1902c3fc0361", "id": "CVE-2025-31650", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31650 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:61513956-45e3-5ff9-ba41-6f991435cd2d", "id": "CVE-2025-31651", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-31651 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:b36aaf2e-7c96-549f-aeb2-8242c7247ac3", "id": "CVE-2025-48988", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-48988 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7aa63034-778d-5cbe-a35b-19526198be60", "id": "CVE-2025-49125", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-49125 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:c3489b46-25ba-5a5c-94c1-995bfa79c35b", "id": "CVE-2025-66614", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2025-66614 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:e91eb5a9-ad3c-5208-96eb-1c9eff6db66a", "id": "CVE-2026-24733", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-24733 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:74691aad-1d52-5b5b-b8a9-f609964a2b23", "id": "CVE-2026-24880", "analysis": { "state": "resolved", "detail": "Vulnerability CVE-2026-24880 is fixed in version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0fe37a03-fe87-5a20-9ed4-05bd2fe6a19d", "id": "CVE-2026-29145", "analysis": { "state": "not_affected", "detail": "Vulnerability CVE-2026-29145 does not affect version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api. The official CVE record (https://www.cve.org/CVERecord?id=CVE-2026-29145) limits the affected versions to Apache Tomcat 9.0.13\u20139.0.115, 10.1.0-M7\u201310.1.52, and 11.0.0-M1\u201311.0.18. Version 7.0.109 is not within any of these ranges" }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:0ff6b5b6-6d96-5699-8b1d-d6e79e66fa1c", "id": "CVE-2026-29146", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-29146 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }, { "bom-ref": "urn:uuid:7d87368e-1353-55ba-9392-6eeff2a133f2", "id": "CVE-2026-32990", "analysis": { "state": "exploitable", "detail": "Vulnerability CVE-2026-32990 affects version 7.0.109-tuxcare.1 of org.apache.tomcat:tomcat-jsp-api." }, "affects": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] } ], "dependencies": [ { "ref": "pkg:maven/org.apache.tomcat/tomcat-jsp-api@7.0.109-tuxcare.1" } ] }